ACPI: GTDT: Tighten the check for the array of platform timer structures
As suggested by Marc and Lorenzo, first we need to check whether the platform_timer entry pointer is within gtdt bounds (< gtdt_end) before de-referencing what it points at to detect the length of the platform timer struct and then check that the length of current platform_timer struct is also valid, i.e. the length is not zero and within gtdt_end. Now next_platform_timer() only checks against gtdt_end for the entry of subsequent platform timer without checking the length of it and will not report error if the check failed and the existing check in function acpi_gtdt_init() is also not enough. Modify the for_each_platform_timer() iterator and use it combined with a dedicated check function platform_timer_valid() to do the check against table length (gtdt_end) for each element of platform timer array in function acpi_gtdt_init(), making sure that both their entry and length actually fit in the table. Suggested-by:Lorenzo Pieralisi <lpieralisi@kernel.org> Co-developed-by:
Marc Zyngier <maz@kernel.org> Signed-off-by:
Zheng Zengkai <zhengzengkai@huawei.com> Reviewed-by:
Hanjun Guo <guohanjun@huawei.com> Tested-by:
Catalin Marinas <catalin.marinas@arm.com>
Loading
Please sign in to comment